[WEB SECURITY] security findings management

Rohit Pitke rohirp92 at yahoo.com
Tue Dec 20 09:28:37 EST 2011

A good bug management system with proper authentication and authorization management system shall suffice.
You can take a look @ Bugzilla. However, most of traditional systems are not equip to carry all data that you may ant to put as security-bug. So you might want to either change some of these open source systems to add some fields or write down your own. 
Also, multiple copies of pentest report also helps sometime.(Restricted access under your subversion system)

 From: Lebeau Frederic <frederic.lebeau at websurf.be>
To: "websecurity at webappsec.org" <websecurity at webappsec.org> 
Sent: Friday, December 16, 2011 4:14 AM
Subject: [WEB SECURITY] security findings management

Hello, i'm looking for a tool to manage(keep trace, history, status) all security issues found during dynamic testing or code review activities.
Does someone can help me?

The Web Security Mailing List

WebSecurity RSS Feed

Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA

WASC on Twitter

websecurity at lists.webappsec.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20111220/97cdcc3e/attachment-0003.html>

More information about the websecurity mailing list